[strongSwan] IPsec in unstable network

[Noel Kuntze]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hello Zesen,

After looking at the log, it looks like the state of the IPsec SAs
on the two sides got unsynchronized because of the repeated loss of IKE messages.
You can't do a lot about this except increase the amount of retransmissions.

Mit freundlichen Grüßen/Regards,
Noel Kuntze

GPG Key ID: 0x63EC6658
Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658

Am 20.02.2015 um 11:34 schrieb Zesen Qian:
> Hello list,
> I 'm using strongswan in an unstable network, by 'unstable' I mean there
> may be 5 minutes out of an hour, that I cannot connect to the server.
> Most of the time I can establish the connection smoothly, but after
> several hours or several days, I lost the connection to server.
>
> charon.log: https://bpaste.net/show/63b9d0e1dfc6
> ipsec.statusall: https://bpaste.net/show/ec586241759a
>
> At this point I cannot ping hosts on the other side of tunnel, however
> if I do a ipsec stop && ipsec start, the tunnel is up and everything
> works again.
>
> Any comment is appreciated.
>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCAAGBQJU6NfPAAoJEDg5KY9j7GZYKTwP/0575loi6+hr61Sy+CytuNl/
bp+5oYZCH3imVeMzm5K8KQ5j4d1QGNqkEjw/yZDkRRNsaJ3NAn45g3YPTDgx51S0
6jcLhoBibrgN7xjyzRTV1AJHg8htneWI1SdKbWAXwFMUWKkRwJqop5QmSTj4+gKk
/LAfUKceQ2Roaih/7VynjAlKLAjwJfHzgeLagZrtgZy8I6SH6iEItumKQlPFVODN
zOmws4u1qUmlkvL5GglDM5gguNkN0PStee1FWSUWWNWwRW4G+kp4f5l8d7gN+a64
nY/3eIs291957BFM3tkkYTsq3R9BpXjN7V+wT+Qv6TWIiJCHuwbExKCIPNdPgeAb
vUsKQZsKep/K9MM7QItmhw3BwLnfb1DZWhETtRyzpFOAgok/Rhy5Qrq3LvOXh1Gt
g9JxhE+Q7go4GHyYQyRb5CU3N6vxCSJ8LQEWGRYWVDYqZYcqvDk8Wajiiwn/5uaH
OjVtvz8jeW0ya+M9ADkbUvBVTHkKj5CO3RcTFVh7W8590322/fyeK7X8BGbOui0q
+yhvOwpfMZPsxfsCxq4TKMeqo3xH2AzESSw9boPP1cIp+OeFE7Qqo+I994MwW+3M
ytIknJP8Wlm12agUHsOwUcIvURPLB4e3bknzJEzCPOqXy03LmHmgAbPRk5sOJXrn
pi4rEN6m5xxEkyb3cV7s
=ui+S
-----END PGP SIGNATURE-----